The Doppler Quarterly Fall 2017 - Page 17

People, Process & Technology In addition to the areas above, we also assist clients with security concerns around some of the newer focus areas such as IoT solutions, Big Data offerings, and containers. Security is a very complex topic that touches every aspect of the organization. Technology alone is not a sufficient answer to a comprehensive security pos- ture problem. People It’s all about the people. One can make an argument that technology is easy, and, to a certain extent, it is. Changing people, their culture and mentality is more challenging. We help our clients get past the Fear, Uncertainty, and Doubt (FUD) stage and educate them on all aspects of cloud security. We also work with internal security and compliance groups to figure out what skills and hab- its they need to acquire (or drop) in order to do their job more effectively on the cloud. Process As the saying goes, there’s no point in doing things right if you’re not doing the right things. Quite often we hear from clients: “Yes, but this is how we do it now.” Everyone has a natural tendency to compare future state to the current state because current state is well understood and people are comfortable with it. But you should change your mindset away from “How we do it” to “Why we do it?” Presumably, you’re performing a process to achieve a certain objec- tive. Success is measured by reaching the objective, regardless of process. And some processes are different on the cloud due to inherent differences in oper- ational mode, not to mention the ever-expanding level of automation available. We help our clients work through those challenges and establish appropriate processes and procedures on AWS to satisfy their objectives. Technology “He who dies with the most toys wins!” Is this still true? We think not. When we work with our clients, we quite often discover a plethora of on-premise tools from CA, HP, IBM, BMC, etc. Most enterprises typically acquired numerous tools and point-solutions over the years to address various needs. But not all of those tools are well suited for the cloud. Some are plain unnecessary since AWS might already have certain capabilities right out of the box. We help our clients rationalize their technology footprint on the cloud to achieve the security objectives they need. We help them rationalize their existing tools and recom- mend new “cloudy” ones that are a better fit for their goals. We accomplish all these things via the capabilities we’ve built into our Security and Governance Practice. FALL 2017 | THE DOPPLER | 15